Report: Iran Hackers Infiltrated Airlines, Energy, Defense Firms

An Iranian hacker group has breached airlines, energy companies, defense firms and even the US Navy-Marine Corps Intranet, according to the US cyber security firm Cylance.

The firm says these attacks — dubbed Operation Cleaver — showcase a dangerous leap forward in Tehran’s cyber skills as it seeks to retaliate against Western cyber attacks on its nuclear program. The goal of these attacks was apparently infiltration and information gathering, with motives beyond intellectual property theft.

“After tracking the Operation Cleaver team for over two years, we’re led to the inexorable conclusion: The government of Iran, and particularly the Islamic Revolutionary Guard Corps (IRGC), is backing numerous groups and front entities to attack the world’s critical infrastructure,” Cylance said in its 86-page report, released Tuesday.

“As Iran’s cyber warfare capabilities continue to morph, the probability of an attack that could impact the physical world at a national or global level is rapidly increasing,” the report says. “Their capabilities have advanced beyond simple website defacements, Distributed Denial of Service (DDoS) attacks, and Hacking Exposed style techniques.”

A Tehran-based group targeted more than 50 victims across 16 countries, over two years, according to the report. The group is the same one responsible for breaching the unclassified Navy-Marine Corps Intranet, an attack uncovered in 2013, Cylance says.

At the time, the Wall Street Journal reported that US defense officials were surprised at the skills of the Iranian hackers, particularly their ability to penetrate the network and set up remote surveillance from within it. The Navy underwent a weekslong effort to rid the system of invasive, hidden spyware.

Among the companies targeted in Operation Cleaver, 10 were US-based. They included a major airline, a natural gas production firm, an automaker and a large defense contractor, according to Cylance.

Chillingly, the remote access infrastructure for airlines and airports in South Korea, Saudi Arabia and Pakistan was among the transportation targets. The group accessed airport gate and security control systems, a “shocking amount of access into the deepest parts of these companies and the airports in which they operate,” the report says.